Apache Guacamole 1.1.0 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Apache Guacamole 1.1.0 suffers from exposure of sensitive information to an unauthorized actor vulnerability
The information has been provided by Mike Jumper
The original article can be found at:https://lists.apache.org/thread.html/r066543f0565e97b27c0dfe27e93e8a387b99e1e35764000224ed96e7@%3Cuser.guacamole.apache.org%3E
Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.
Apache Guacamole 1.1.0